Subject: CVS commit: pkgsrc/audio/libtunepimp0.4
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <email@example.com>
Date: 08/21/2006 17:55:01
Module Name: pkgsrc
Committed By: salo
Date: Mon Aug 21 17:55:01 UTC 2006
pkgsrc/audio/libtunepimp0.4: Makefile distinfo
Security fix for CVE-2006-3600:
"A vulnerability in libtunepimp can be potentially exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the
"LookupTRM::lookup()" function when retrieving album release dates.
This can be exploited to cause a buffer overflow by returning an overly
long release date string (more than 100 bytes).
Successful exploitation may allow execution of arbitrary code in context
of an application using the vulnerable library."
Patch from MusicBrainz SVN. Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/audio/libtunepimp0.4/Makefile
cvs rdiff -r18.104.22.168 -r1.2 pkgsrc/audio/libtunepimp0.4/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/audio/libtunepimp0.4/patches/patch-ae
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.